Small Suppliers Must Beef Up Security
Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying, and thus having access to, larger companies.
As larger companies shore up their defenses, attackers have shifted their focus to the smaller companies that supply goods and services to those enterprises in hopes of gaining access to the bigger targets' networks and data.
The trend appears to be gaining steam. In the first half of 2012, small businesses alone accounted for 36 percent of all targeted attacks, up from 18 percent at the end of 2011, according to data from Symantec. Overall, about half of all targeted attacks hit SMBs in 2011, the security firm's annual Internet Security Threat Report says.
Retailers, restaurants, law firms, and doctors' offices have all found themselves increasingly in the crosshairs, but firms that partner with larger enterprises are at more risk. The trend has not gone unnoticed. Small-business associations are increasingly exhorting their members to focus on data security and warning them that larger customers will expect a more mature approach to safeguarding data and access.
While regulations and mandates may not be on the way, small- and midsized businesses should expect that contract language will crop up requiring them to take prudent measures to protect security. Moreover, if a client or customer is required to abide by one of the various regulatory frameworks, the supplier will need to follows the rules as well.
Up-to-date antivirus software and a firewall are not enough. Companies need to know when they are breached, and that requires more analysis than most SMBs can easily do. “Adding more security, whether as a managed service or as a homegrown security team, could break the bank of most SMBs,” says Eddie Schwartz, chief information security officer for RSA. Larger companies should help their smaller suppliers to create a more secure service and protect their data better, if it makes sense, he says. "In some cases, if you are a large organization, you may have to take on the cost of securing your supplier in some way," he says. "That's just the cost of doing business today."
How much does your Andriod phone know about you?
Some 26 percent of Android apps in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data – in many cases, whether they need it or not. 31 percent of the apps access phone calls or phone numbers, and 9 percent employ permissions that could cost the user money, such as incurring premium SMS text message charges. Juniper studied more than 1.7 million apps -- free and paid -- in Google Play between March 2011 and September 2012, and found that free apps are 401 percent more likely to track location than paid ones, and 314 percent more likely to access user address books than apps you pay for. Why the aggressive power-grab of information by so many apps? While it may be about generating advertising revenue for free apps, in other cases it's just poor app development practices, security experts say. Just like in many software scenarios, convenience and form factor often take precedence over security. Whether it's poor code-writing or intentional invasiveness, these apps can cause real trouble for users as well as their employers. Juniper found that nearly 7 percent of free apps can access address books, 2.6 percent, can send text messages without the user knowing, 6.4 percent can make calls, and 5.5 percent have access to the device's camera. The bottom line is, you have to be careful about what apps you are downloading, and what information they may be able to access on your phone. Mobile Antivirus software is encouraged.